ProtonMail is an email service that prides itself on airtight security for its customers. The latest update (v3.14 for web and v1.9 for Android) adds full PGP support and address verification, both intended to further secure communications.
PGP support is a good thing to see, since it allows users of ProtonMail (which uses a PGP-based system for encryption) to communicate securely with people on other services. Simply import your contacts' public keys (and get them to do the same for you) and you're ready to start sending encrypted emails. ProtonMail is also opening a public key server so that users on other services can access your key in order to email you securely.
The highlight of this update is what ProtonMail calls address verification. It effectively negates man-in-the-middle attacks by confirming the email address keys of senders that you have previously trusted. Since each key is encrypted and digitally signed, ProtonMail claims that it is impossible for a nefarious third party to inject itself into the conversation. It's important to note that this is only available between ProtonMail users; people on other products must rely on the newly added PGP support.
Obviously, this stuff is mostly unimportant to casual users, but for those who require the utmost security for communications, both address verification and full PGP support are massively beneficial.
PRESS RELEASE
With Address Verification and PGP support, ProtonMail is now the only email provider that lets users verify encryption keys and send PGP emails straight from their mailbox, making the service more secure and convenient than ever before.
ProtonMail emails are already protected with end-to-end encryption, meaning the company does not have access to user data. Address Verification adds an additional layer of protection by ensuring that a malicious attacker cannot trick a ProtonMail user into sending an encrypted email that can be intercepted and decrypted.
Address Verification prevents an attacker from introducing a malicious encryption key by verifying the encryption keys used in each message exchange. This prevents the successful execution of a Man-in-the-Middle (MITM) attack, even in the event of a compromise of ProtonMail's encryption key servers. Address Verification ensures that the correct encryption key is used every time. This is a security feature that is not available in any other email service.
"ProtonMail has a unique mission to protect many of the world's journalists and activists, which we take very seriously," said ProtonMail CEO and Founder Dr. Andy Yen. "Address Verification is a way to provide additional protection to users with sensitive security needs."
Along with Address Verification, ProtonMail is also announcing PGP support, which makes ProtonMail's encryption fully interoperable. Any PGP user can now exchange encrypted emails with ProtonMail users, making automatic end-to-end encryption possible even if both parties aren't using ProtonMail.
"We believe that encrypted communication systems should be open, and not a walled garden controlled by a single entity." Yen said, "That's why achieving interoperability is important for us, and we believe this will help make encrypted email as ubiquitous as email itself."
Source: ProtonMail